Very Strange ARP problem

From: Tim (ccie2be@nyc.rr.com)
Date: Tue Oct 07 2008 - 15:49:17 ART


Hi Guys,

I'm doing IE security lab 1.

I have 3 devices on the same vlan:

The private int of a VPN 3005 (ip address 183.1.100.11/24, mac addr 00.03.A0.88.D6.24)

The outside int of ASA (ip address 183.1.100.12/24, mac addr 001f.9c98.16ae)

And a Win Server (ip address 183.1.100.100/24, mac addr 0002.a58a.65e6)

When the outside int of the ASA is up, I can't browse from the Win Server to the private int of the VPN 3000.

But, after I shut down the outside int of the ASA, there's no problem. And, after a bit the arp table on the Win Server is correct.

Then, if I re-enable the outside int of the ASA, the ARP table on the Win Server becomes corrupted, showing the same MAC address (the MAC address of the ASA's outside int) for both the Win Server and the outside int of the ASA.

So, it seems like the ASA is responding to ARP requests for 183.1.100.11 with its own mac address.

Has anybody ever seen this behavior before or know why this is happening?

And, how can I make it stop doing that?

Thanks, Tim
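
A check for the symptom described in this post, added here as an example and not part of Tim's message: it parses Windows `arp -a` output and flags an IP whose MAC differs from the expected one, or a unicast MAC that answers for several IPs. The expected bindings are the ones listed in the post; the sample ARP output and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Expected IP-to-MAC bindings from the post, kept in the notation the post uses.
EXPECTED = {
    "183.1.100.11": "00.03.A0.88.D6.24",  # VPN 3005 private interface
    "183.1.100.12": "001f.9c98.16ae",     # ASA outside interface
}

# Constructed sample of Windows `arp -a` output showing the reported symptom.
SAMPLE_ARP = """\
Interface: 183.1.100.100 --- 0x2
  Internet Address      Physical Address      Type
  183.1.100.11          00-1f-9c-98-16-ae     dynamic
  183.1.100.12          00-1f-9c-98-16-ae     dynamic
  183.1.100.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\b")

def norm_mac(mac):
    """Reduce dotted, dashed or colon MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """Return {ip: mac} for unicast entries in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and not int(m.group(2)[:2], 16) & 1:  # skip broadcast/multicast
            table[m.group(1)] = norm_mac(m.group(2))
    return table

def audit(table, expected=EXPECTED):
    """List IPs bound to an unexpected MAC and MACs shared by several IPs."""
    findings, by_mac = [], defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
        if ip in expected and norm_mac(expected[ip]) != mac:
            findings.append(("mismatch", ip, mac))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", tuple(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP)):
        print(finding)
```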




This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST